Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits: 82bb5580 by Abhijith PA at 2023-05-03T01:44:06+05:30 Mark CVE-2021-38698, CVE-2021-41803, CVE-2022-24687 and CVE-2022-40716 as not affected. Add commit reference for CVE-2022-24687 with upstream tag. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -52696,6 +52696,7 @@ CVE-2022-40717 (This vulnerability allows network-adjacent attackers to execute NOT-FOR-US: D-Link CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...) - consul <unfixed> (bug #1027161) + [buster] - consul <not-affected> (Vulnerable Code not present) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 NOTE: https://github.com/hashicorp/consul/commit/ae822d752ad36007e353249691a0ef318cf55d08 (v1.11.9) CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Trave ...) @@ -98178,7 +98179,9 @@ CVE-2022-24688 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. NOT-FOR-US: DSK DSKNet CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, a ...) - consul <unfixed> (bug #1006487) + [buster] - consul <not-affected> (Vulnerable Code not present) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/ + NOTE: https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a (1.9.15) CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...) - nomad <unfixed> (bug #1021273) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559 @@ -123883,6 +123886,7 @@ CVE-2021-41804 RESERVED CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properl ...) - consul <unfixed> (bug #1034841) + [buster] - consul <not-affected> (Vulnerable Code not present) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627 NOTE: https://github.com/hashicorp/consul/commit/34872682e44f6e7e6359c88bf9e333fa1002a99b (v1.11.9) CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...) @@ -131684,7 +131688,7 @@ CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...) - consul 1.8.7+dfsg1-6 (bug #1015218) [bullseye] - consul <no-dsa> (Minor issue) - [buster] - consul <no-dsa> (Minor issue) + [buster] - consul <not-affected> (Vulnerable code not present) NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15) CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82bb558032826c53ec6e6272ff0fdc41103bdc06 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82bb558032826c53ec6e6272ff0fdc41103bdc06 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits